{"report_id":"3dd60ce4-a8a5-4c5f-8e4d-757921ab0b5e","version":6,"status":"done","tags":["dhl","logistics","phishing"],"date":"2023-11-25T17:31:03Z","url":{"schema":"http","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":0,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"final":{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"title":"Global Logistics | International Shipping | DHL | Poland"},"submit":{"url":{"schema":"","addr":"","fqdn":"","domain":"","tld":""},"ip":{"addr":"","port":0,"asn":0,"as":"","country":"","country_code":""},"tags":null,"meta":null},"settings":{"access":"public","device_type":"desktop","expires_at":"2026-10-26T10:51:42Z","useragent":"Mozilla/5.0 (X11; Linux x86_64; rv:96.0) Gecko/20100101 Firefox/96.0","referer":"","cookies":null,"exit_node":"default"},"stats":{"alert_count":{"ids":0,"urlquery":0,"analyzer":0}},"detection":{"ids":null,"analyzer":null,"urlquery":null},"summary":[{"fqdn":"mdejq4mh.dreamwp.com","ip":{"addr":"43.250.251.25","port":0,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"domain_registered":"2016-06-23","domain_rank":0,"first_seen":"2023-11-24 16:32:34","last_seen":"2023-11-24 16:32:34","alert_count":20,"request_count":11,"received_data":52280,"sent_data":5797,"comment":"","tags":null,"fingerprints":null}],"files":null,"artifacts":{"windows_shortcuts":null,"files":null,"telegram":null,"pdfs":null,"clipboard":null},"sensors":{"ids":[{"sensor_name":"suricata","description":"Suricata /w Emerging Threats Pro","alerts":[{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:48Z","timestamp":1700933448,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":41902,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:48.669818+0000\",\"flow_id\":2048990103746682,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":41902,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":41902},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":53321,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"A\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:48.669818+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:48Z","timestamp":1700933448,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52338,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:48.669985+0000\",\"flow_id\":467224515590433,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":52338,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":52338},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":40383,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:48.669985+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:48Z","timestamp":1700933448,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":58952,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:48.682150+0000\",\"flow_id\":1313163421706406,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":58952,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":58952},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":22100,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:48.682150+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:50Z","timestamp":1700933450,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":54536,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:50.385534+0000\",\"flow_id\":1399481527099902,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":54536,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":54536},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":37151,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:50.385534+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:50Z","timestamp":1700933450,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":43866,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:50.386500+0000\",\"flow_id\":501607876453828,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":43866,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":43866},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":20891,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:50.386500+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:50Z","timestamp":1700933450,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":39686,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:50.387574+0000\",\"flow_id\":1434356661545462,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":39686,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":39686},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":59687,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:50.387574+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:50Z","timestamp":1700933450,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52301,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:50.388430+0000\",\"flow_id\":480051435597134,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":52301,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":52301},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":48636,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:50.388430+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:50Z","timestamp":1700933450,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":48597,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:50.390082+0000\",\"flow_id\":908066401481666,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":48597,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":48597},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":38387,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:50.390082+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:50Z","timestamp":1700933450,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":53890,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:50.393136+0000\",\"flow_id\":1586168723079088,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":53890,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":53890},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":2005,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:50.393136+0000\"}}"},{"sensor_name":"suricata","title":"","description":"","date":"2023-11-25T17:30:51Z","timestamp":1700933451,"ip_dst":{"addr":"Internal IP","port":53,"asn":0,"as":"","country":"","country_code":"zz"},"ip_src":{"addr":"Client IP","port":52503,"asn":0,"as":"","country":"","country_code":"zz"},"severity":"low","alert":"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)","source":"{\"timestamp\":\"2023-11-25T17:30:51.287860+0000\",\"flow_id\":198924351267956,\"in_iface\":\"lxdbr0\",\"event_type\":\"alert\",\"src_ip\":\"10.70.215.71\",\"src_port\":52503,\"dest_ip\":\"10.70.215.1\",\"dest_port\":53,\"proto\":\"UDP\",\"tx_id\":0,\"alert\":{\"action\":\"allowed\",\"gid\":1,\"signature_id\":2048726,\"rev\":1,\"signature\":\"ET INFO Commonly Abused WordPress Application Related Domain in DNS Lookup (dreamwp .com)\",\"category\":\"Misc activity\",\"severity\":3,\"source\":{\"ip\":\"10.70.215.1\",\"port\":53},\"target\":{\"ip\":\"10.70.215.71\",\"port\":52503},\"metadata\":{\"attack_target\":[\"Client_Endpoint\"],\"confidence\":[\"Medium\"],\"created_at\":[\"2023_10_23\"],\"deployment\":[\"Perimeter\"],\"former_category\":[\"INFO\"],\"performance_impact\":[\"Low\"],\"reviewed_at\":[\"2023_10_23\"],\"signature_severity\":[\"Informational\"],\"updated_at\":[\"2023_10_23\"]}},\"dns\":{\"query\":[{\"type\":\"query\",\"id\":50728,\"rrname\":\"mdejq4mh.dreamwp.com\",\"rrtype\":\"AAAA\",\"tx_id\":0}]},\"app_proto\":\"dns\",\"flow\":{\"pkts_toserver\":1,\"pkts_toclient\":0,\"bytes_toserver\":91,\"bytes_toclient\":0,\"start\":\"2023-11-25T17:30:51.287860+0000\"}}"}]}],"analyzer":[{"sensor_name":"infosec_yara","type":"yara","description":"Public InfoSec YARA rules","link":"","alerts":null},{"sensor_name":"openphish","type":"url","description":"OpenPhish","link":"","alerts":null},{"sensor_name":"phishtank","type":"url","description":"PhishTank","link":"","alerts":null},{"sensor_name":"mnemonic_dns","type":"domain","description":"mnemonic secure dns","link":"","alerts":null},{"sensor_name":"quad9","type":"domain","description":"Quad9 DNS","link":"","alerts":null},{"sensor_name":"threatfox","type":"url","description":"ThreatFox","link":"","alerts":null}],"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]},"javascript":{"script":[{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":0,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"introduction_type":"scriptElement","is_inline":true,"md5":"d41d8cd98f00b204e9800998ecf8427e","sha1":"da39a3ee5e6b4b0d3255bfef95601890afd80709","sha256":"e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855","sha512":"cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e","ssdeep":"","tlshash":"","size":0,"data":"","first_seen":"0001-01-01T00:00:00Z","last_seen":"2026-04-05T13:47:07.33171Z","times_seen":13377129,"alerts":{"ids":null,"analyzer":null,"urlquery":null}}],"eval":null,"write":null},"http":[{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":0,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-25T17:30:50.188277705Z","timestamp":1700933450188,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/billing.php HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nUpgrade-Insecure-Requests: 1\r\nConnection: keep-alive\r\nSec-Fetch-Dest: document\r\nSec-Fetch-Mode: navigate\r\nSec-Fetch-Site: cross-site\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:46 GMT\r\ncontent-type: text/html; charset=UTF-8\r\ncontent-length: 1453\r\ncache-control: max-age=7200\r\nexpires: Sat, 25 Nov 2023 19:30:46 GMT\r\nvary: Accept-Encoding\r\ncontent-encoding: gzip\r\nx-newfold-cache-level: 2\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":1453,"size_decoded":0,"mime_type":"text/html; charset=utf-8","magic":"HTML document text\\012- HTML document text\\012- HTML document text\\012- HTML document text\\012- exported SGML document, Unicode text, UTF-8 text","md5":"c9fe31ef8d139d6771c3d4ad1dd59c4b","sha1":"80bc0ac054f0358d89508453e696eb6221940632","sha256":"2a04d8f955a1822403d00c0b4da43543592418d030e0cb6dd857b09eb9db61c8","sha512":"d0050e77d0d4f85ddde9675bc72167f2053631d79de0f00589954e7fb9affc651abbe6783a288c4634b1f2ec7b89220ebd04a15810e1d071215a06ad79683602","ssdeep":"48:4Q2xnDyFodPCmo9VDVqosoGGYdFgnGI9whcBbPZgdtTLduTHCCT:F4fDVFAjghuTHCc","tlshash":"fab1ce3010f4242365d28994ba659a0b7f91ff83991f476172ee9fd52fc3e96cc2301a","first_seen":"2023-04-25T13:45:59Z","last_seen":"2024-08-21T08:52:10.29314Z","times_seen":34,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":null}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/dhl-logo.svg","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.397Z","timestamp":1700933450397,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/dhl-logo.svg HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1603\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\ncache-control: max-age=86400\r\nexpires: Sun, 26 Nov 2023 17:30:47 GMT\r\nx-newfold-cache-level: 2\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1603,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- XML 1.0 document text\\012- XML document text\\012- HTML document text\\012- exported SGML document, ASCII text","md5":"3fecc9db35d5d2a9e6e71ab4b02d22e5","sha1":"628ba2f505b480097445aaf08649a08242bd6847","sha256":"362bcaa42090e36611031bec6bdaa0600375ef847092cca195c58d3bae9b4419","sha512":"c0d70d0f914d3d9f29366c9886f174580675334ec79ba77158c4cf184075540dd7d25b3f35f7129c1fae764527574daec29f5fb8434817ccbef6951b332cdd5e","ssdeep":"","tlshash":"90317c570394e6ea9d018740473c52d922d1e9afc87064c8a9f33c27eb4cc5848b86d7","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T14:03:54.849741Z","times_seen":2758,"resource_available":false,"data":null}},"time_used":303,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":303,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/headermobile.JPG","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.403Z","timestamp":1700933450403,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/headermobile.JPG HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9061\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\netag: \"6405ddbc-2365\"\r\nexpires: Mon, 25 Dec 2023 17:30:47 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9061,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 185x56, components 3\\012- data","md5":"5bd5e8588c60476b1f05d3a98097bb9a","sha1":"d5cc42e7f3ac4e3f99f37d0133b6aac3ad18e810","sha256":"c600aea2fa4dad3a13560e01bedf9e6c45db0571c3257d9e53e51c4f8fbbc41f","sha512":"865fad88afd10606aff5b00f97f4244841d9bf26aa3551ea8170a25caec15daab1c3dbddd5f9569951de4ff857d967e98d2ab69c5ee72f069a7d04c453690ac3","ssdeep":"96:6TzapkwTk0asFUzPE90kdr29ZxKI7qG0v:2zgkyklO6P7kMIKE","tlshash":"ea120c1c66127f40e81ab97548ce13c78027000b4bc17d16b6bc74e35f1c7d23e75985","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.029562Z","times_seen":935,"resource_available":false,"data":null}},"time_used":586,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":585,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/saba9m.JPG","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.405Z","timestamp":1700933450405,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/saba9m.JPG HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7956\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\netag: \"6405ddbc-1f14\"\r\nexpires: Mon, 25 Dec 2023 17:30:47 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7956,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 28x23, components 3\\012- data","md5":"9c39dfb4e67c4e51c573e9206c531644","sha1":"097e34f53e6e287377bd18f31be3cb69111b6815","sha256":"d1b64fb7749d0d3c905c5244660a21f3d8e29699457f2889274c8a717742b6c5","sha512":"3bf31d70954779a6804fdb3c656cc2665571cd291d7a74b8a4bc8f09b4d2e7cebc367f47a5c6422e51b26bc088f532e4bec1d18568fc2d5ffd08b988ddea91ae","ssdeep":"48:6T5u13iHKkh3qk/3s5v03qk0e7s2QU/bxYuERABXGL:6Tg13dpkQTk0asFUz1EEY","tlshash":"62f1952964077e80d82bb87248fd21cad067054779c02d09b5edb8d39b2c6d12fb9985","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.030473Z","times_seen":934,"resource_available":false,"data":null}},"time_used":594,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":594,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/ssdsd.JPG","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.409Z","timestamp":1700933450409,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/ssdsd.JPG HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 7949\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\netag: \"6405ddbc-1f0d\"\r\nexpires: Mon, 25 Dec 2023 17:30:47 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":7949,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 28x28, components 3\\012- data","md5":"fdd21be8e8d91f9612828bbdb7747a73","sha1":"450367143011e254d1778cdce71748d768cb9259","sha256":"7dcdd04db64c3edd7e9868c6238b622d33caee1e7bdadbf2623d801109eefef1","sha512":"898ff2188cdba2fa43fc5b9b872a1e00c8216fc2b7fbaaa431be3fc2834cf7455e40eb31010b56961e388899c3b928561e4f85f5ad9a43d044d8ce7f4b27461c","ssdeep":"48:6T5A9wHKkh3qk/3sg03qk0e7s2QU/bx57uERAXFb:6TO9fpk1Tk0asFUz/iEYb","tlshash":"83f1952c2847be40d96bf97244ed21cb90674407bec06d0975eeb8939b1c7d11f69986","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.038281Z","times_seen":932,"resource_available":false,"data":null}},"time_used":614,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":613,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/feedback.png","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.411Z","timestamp":1700933450411,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/feedback.png HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/png\r\ncontent-length: 1577\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\netag: \"6405ddbc-629\"\r\nexpires: Mon, 25 Dec 2023 17:30:47 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1577,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 35 x 126, 8-bit colormap, non-interlaced\\012- data","md5":"50b476a98e8a8fcab1eac59777d9491a","sha1":"e7c94532df83b7d56e5e6512408b342c6eeb9591","sha256":"3221db8f898b88e467ebbb8ae155a37bd02087b3df197ad5c4ecead06db08cdf","sha512":"06dcd767f18d83aa1fa6cb7f4b45e668c3b42c7ff87d43405a1697d1ded53c26a57b42dd14d88e0163b4d3b546a58fe51d37d147535db3bf65d7164a186f61b7","ssdeep":"","tlshash":"6631e7c791d482a49a4dc075af4326c048fac9755d5e3a9cf11a4913d78f00b959179c","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.040651Z","times_seen":935,"resource_available":false,"data":null}},"time_used":612,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":612,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/socials.JPG","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.412Z","timestamp":1700933450412,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/socials.JPG HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/jpeg\r\ncontent-length: 9110\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\netag: \"6405ddbc-2396\"\r\nexpires: Mon, 25 Dec 2023 17:30:47 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":9110,"size_decoded":0,"mime_type":"image/jpeg","magic":"JPEG image data, JFIF standard 1.01, resolution (DPI), density 120x120, segment length 16, Exif Standard: [TIFF image data, big-endian, direntries=4], baseline, precision 8, 238x49, components 3\\012- data","md5":"8d8989b7f5fe29cc63b1843962399e4c","sha1":"ec2b7cd2f1f624832c59836779a742c0ed9f20dc","sha256":"1ace605596027318737abeca712c7a0d6d76f753cf82affba37c3d2f44862ae4","sha512":"a40fb161df8d4e0e9265af51faf901bcd9cc3df048c5e3f25fba800db2e53b6bba31dcdfb515e0865e35678d56fd7f4732a98e64a8f03df6e93dd1b3d28a01ec","ssdeep":"48:6T5pHKkh3qk/3sD103qk0e7s2QU/bxEuERA7hV2R0crAseChef5IEdddAKQjzkTp:6TqpkG1Tk0asFUzpEkMrrXefKhKQnkTp","tlshash":"1a12f91a55427f40c52ba472dcfb01c69666544f2ec06d1eb8afb8838b2c7f21dec99d","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.043167Z","times_seen":933,"resource_available":false,"data":null}},"time_used":874,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":873,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/searchloupe.svg","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":0,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"","requested_by":"","date":"2023-11-25T17:30:51.274588191Z","timestamp":1700933451274,"http_version":"","security_state":"secure","security_info":null,"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/searchloupe.svg HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":""},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 329\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\ncache-control: max-age=86400\r\nexpires: Sun, 26 Nov 2023 17:30:47 GMT\r\nx-newfold-cache-level: 2\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"","status_text":"","fingerprints":null,"data":{"size":329,"size_decoded":0,"mime_type":"text/plain; charset=utf-8","magic":"SVG Scalable Vector Graphics image\\012- , ASCII text, with very long lines (329), with no line terminators","md5":"3d7de098db257a26983280a316b9dc09","sha1":"bb56940343b38534d1427390bc91cb251dfa6d18","sha256":"fd85293d457b5dc514838dd7d5c7c1509a7eed60e23cb32ab9303666833eb98a","sha512":"99184f586e923068a5957193cf961c13fc35da3a21bbc932043bd05ac12e0749c058abe3e58b119c7ae05f61b8cc319b22c826e49005262c3eb2bfe28f1aa4c2","ssdeep":"","tlshash":"64e0c6bc9b88041ca803c5041f2bbb18532f50ec30888018aafee0a8d0c7ca2e003284","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.037378Z","times_seen":830,"resource_available":false,"data":null}},"time_used":0,"timings":{"blocked":0,"dns":0,"connect":0,"send":0,"wait":0,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/customer.svg","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.408Z","timestamp":1700933450408,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/customer.svg HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: image/svg+xml\r\ncontent-length: 1623\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\ncache-control: max-age=86400\r\nexpires: Sun, 26 Nov 2023 17:30:47 GMT\r\nx-newfold-cache-level: 2\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":1623,"size_decoded":0,"mime_type":"image/svg+xml","magic":"SVG Scalable Vector Graphics image\\012- , ASCII text, with very long lines (1623), with no line terminators","md5":"1b371d3a7372c07184eceb85cac5343c","sha1":"47e5f403e20e06ad64e32488e5707249d9f8e6d6","sha256":"0c3950f8653400246636960456db609af841feb691e53911e763ee282616a390","sha512":"7cd2cf678d67a70ce30520a36a896300074b1ae621da3f0abff401754501d0e77993508ab9fbf477175f955606f4316c88e2826a2baede16821626fbf0ab43b9","ssdeep":"","tlshash":"4c31563a0740e37d15e9e6f86f1294a665cd50eed07bc70856e8c760c5c3da9fa1c0d2","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.033736Z","times_seen":470,"resource_available":false,"data":null}},"time_used":879,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":879,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/images/icon.png","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"img","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:51.298Z","timestamp":1700933451298,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/images/icon.png HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: image/avif,image/webp,*/*\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: image\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\nTE: trailers\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:48 GMT\r\ncontent-type: image/png\r\ncontent-length: 2016\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\netag: \"6405ddbc-7e0\"\r\nexpires: Mon, 25 Dec 2023 17:30:48 GMT\r\ncache-control: max-age=2592000\r\naccept-ranges: bytes\r\nX-Firefox-Spdy: h2\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":2016,"size_decoded":0,"mime_type":"image/png","magic":"PNG image data, 120 x 120, 8-bit/color RGB, non-interlaced\\012- data","md5":"d011458153ebafc72aa151494c00df0c","sha1":"65463bc6d44eae53813372c11c4b0ac843011d27","sha256":"97f7ee4e158d34feb59abf8d05fb3782f57d1c62d6ef8dcff7a26be6ad54c6f9","sha512":"79ced687d418330cd1443b2d4fc66503116192dca04b4dd6003c2dd014d6b55f69bfcd7057c3c0fce117cfb19a25e6c989ca0b17264308c57f082bdde786ea54","ssdeep":"","tlshash":"b3412c90bf40c0a805d0b617ba017077c172a146d47d599f69738c754f63b446b55caa","first_seen":"2023-04-30T18:39:16Z","last_seen":"2026-03-31T08:54:19.023172Z","times_seen":934,"resource_available":false,"data":null}},"time_used":295,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":1,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}},{"url":{"schema":"https","addr":"mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/css/header.css","fqdn":"mdejq4mh.dreamwp.com","domain":"dreamwp.com","tld":"com"},"ip":{"addr":"43.250.251.25","port":443,"asn":38719,"as":"Dreamscape Networks Limited","country":"Australia","country_code":"AU"},"is_navigation_request":false,"resource_type":"stylesheet","requested_by":"https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php","date":"2023-11-25T17:30:50.395Z","timestamp":1700933450395,"http_version":"HTTP/2","security_state":"secure","security_info":{"cipher_suite":"TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256","key_group_name":"P256","signature_name":"RSA-PKCS1-SHA512","protocol":"TLSv1.2","cert":{"subject":{"commonName":"*.dreamwp.com","organization":""},"issuer":{"commonName":"Sectigo RSA Domain Validation Secure Server CA","organization":"Sectigo Limited"},"validity":{"start":"Wed, 04 Jan 2023 00:00:00 GMT","end":"Mon, 15 Jan 2024 23:59:59 GMT"},"fingerprint":{"sha1":"30:F7:3F:A1:B1:C3:3A:85:4F:A8:2C:82:82:AD:F7:75:4D:65:54:CC","sha256":"74:5A:43:66:81:0B:05:62:3A:F2:A2:6E:E2:E4:4C:6D:47:AB:7A:49:CD:57:0F:A8:51:BB:C5:DB:A0:C2:3E:C4"}}},"request":{"raw":"GET /wp-includes/ki/dhlziko/sk/css/header.css HTTP/1.1\r\nHost: mdejq4mh.dreamwp.com\r\nUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:105.0) Gecko/20100101 Firefox/105.0\r\nAccept: text/css,*/*;q=0.1\r\nAccept-Language: en-US,en;q=0.5\r\nAccept-Encoding: gzip, deflate, br\r\nDNT: 1\r\nConnection: keep-alive\r\nReferer: https://mdejq4mh.dreamwp.com/wp-includes/ki/dhlziko/sk/billing.php\r\nSec-Fetch-Dest: style\r\nSec-Fetch-Mode: no-cors\r\nSec-Fetch-Site: same-origin\r\nPragma: no-cache\r\nCache-Control: no-cache\r\n\r\n","headers":null,"cookies":null,"method":"GET"},"response":{"raw":"HTTP/2 200 OK\r\nserver: nginx\r\ndate: Sat, 25 Nov 2023 17:30:47 GMT\r\ncontent-type: text/css\r\nlast-modified: Mon, 06 Mar 2023 12:34:04 GMT\r\nvary: Accept-Encoding\r\netag: W/\"6405ddbc-18b0\"\r\nexpires: Mon, 25 Dec 2023 17:30:47 GMT\r\ncache-control: max-age=2592000\r\ncontent-encoding: gzip\r\nX-Firefox-Spdy: h2\r\n\r\n","headers":null,"cookies":null,"status_code":"200","status_text":"OK","fingerprints":null,"data":{"size":6320,"size_decoded":0,"mime_type":"text/css","magic":"ASCII text, with very long lines (7008), with no line terminators","md5":"c5fb5eff9fa94d9cf1e0635afb724e64","sha1":"54499e44c20d7c00c9738c156511262e7f0fa5ea","sha256":"1d9e09ed4b6deff36ce1b2d1ed43de6f110a365ca0c35cf9026544187f163435","sha512":"df3716cfbe18c9ca780597f4fe5c7371de410b9a100fbaea098816d4be6c7a825d29df296da5a147723aa92bc745bb756a7fe5dfc3033618ff5f4b8c321cf046","ssdeep":"192:LoGiph1NM/jmoJYrxmScxZ5T0KCtimimcOXxYA:MqU1Dt","tlshash":"00e17c0d1d0a3334ae43746c2cf29742514df45f9186d7af3e8d6289c7df19889a1bad","first_seen":"2023-04-25T18:58:22Z","last_seen":"2025-04-01T07:11:06.320039Z","times_seen":121,"resource_available":false,"data":null}},"time_used":294,"timings":{"blocked":-1,"dns":0,"connect":0,"send":0,"wait":294,"receive":0,"ssl":0},"alerts":{"ids":null,"analyzer":null,"urlquery":[{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null},{"sensor_name":"urlquery","alert":"Phishing - DHL","verdict":"phishing","severity":"medium","comment":"Asset commenly seen with DHL phishing","tags":["dhl","logistics","phishing"],"meta":null}]}}]}